A blog covering security and security technology.
  1. Friday Squid Blogging: Dead Squid on Prince Edward Island

    A beach on Prince Edward Island is littered with dead squid. No one knows why. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here....
  2. New Report on Chinese Intelligence Cyber-Operations

    The company ProtectWise just published a long report linking a bunch of Chinese cyber-operations over the past few years. The always interesting gruqq has some interesting commentary on the group and its tactics. Lots of detailed information in the report, but I admit that I have never heard of ProtectWise or its research team 401TRG. Independent corroboration of this information...
  3. Suing South Carolina Because Its Election Machines Are Insecure

    A group called Protect Democracy is suing South Carolina because its insecure voting machines are effectively denying people the right to vote. Note: I am an advisor to Protect Democracy on its work related to election cybersecurity, and submitted a declaration in litigation it filed, challenging President Trump's now-defunct "election integrity" commission....
  4. Defeating the iPhone Restricted Mode

    Recently, Apple introduced restricted mode to protect iPhones from attacks by companies like Cellebrite and Greyshift, which allow attackers to recover information from a phone without the password or fingerprint. Elcomsoft just announced that it can easily bypass it. There is an important lesson in this: security is hard. Apple Computer has one of the best security teams on the...
  5. Installing a Credit Card Skimmer on a POS Terminal

    Watch how someone installs a credit card skimmer in just a couple of seconds. I don't know if the skimmer just records the data and is collected later, or if it transmits the data back to some base station....
  6. Reasonably Clever Extortion E-mail Based on Password Theft

    Imagine you've gotten your hands on a file of e-mail addresses and passwords. You want to monetize it, but the site it's for isn't very valuable. How do you use it? You convince the owners of the password to send you money. I recently saw a spam e-mail that ties the password to a porn site. The e-mail title contains...
  7. Gas Pump Hack

    This is weird: Police in Detroit are looking for two suspects who allegedly managed to hack a gas pump and steal over 600 gallons of gasoline, valued at about $1,800. The theft took place in the middle of the day and went on for about 90 minutes, with the gas station attendant unable to thwart the hackers. The theft, reported...
  8. Friday Squid Blogging: Antifungal Squid-Egg Coating

    The Hawaiian bobtail squid coats its eggs with antifungal bacteria. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here....
  9. WPA3

    Everyone is writing about the new WPA3 Wi-Fi security standard, and how it improves security over the current WPA2 standard. This summary is as good as any other: The first big new feature in WPA3 is protection against offline, password-guessing attacks. This is where an attacker captures data from your Wi-Fi stream, brings it back to a private computer, and...
  10. Department of Commerce Report on the Botnet Threat

    Last month, the US Department of Commerce released a report on the threat of botnets and what to do about it. I note that it explicitly said that the IoT makes the threat worse, and that the solutions are largely economic. The Departments determined that the opportunities and challenges in working toward dramatically reducing threats from automated, distributed attacks can...

Copyright © 2018 • All Rights Reserved.Simple Systems of Vermont LLC
1 High Street • Brandon, VT 05733 • Contact Us